Technological discussion on PS3 security and crack.*
- Thread starter senas8
- Start date
I would think (hope?) disc imaging and signing are separate. There's reasons to need actual discs to test load times and such on debug units for devs (Insomniac mentioned that stage of development iirc), so more people would have disc imaging than they would key signing, which only needs to be done before pressing. Plus it says it's a demo build.
Dunno if that helps any.
ShadowRunner
Veteran
Exactly what i was thinking, this isnt going to be creating signed code, it will be a dev tool for creating discs that can be used on dev kits. As this suff can already be run from the HDD in debug mode it seems pretty useless for taking things further.
In the short term the most worrying thing id say is the new information they now have on the bluray drive.
In the short term the most worrying thing id say is the new information they now have on the bluray drive.
NathansFortune
Regular
OK well that makes sense. In which case there isn't much of anything new there unless you are a pirate group that want to sell discs. All that will happen in this case is that people who have hacked will now be able to run disc based games rather than being forced to back up and play from the back up. It will possible also allow development of an ISO loader for debug enabled retail units.
They still should have to worry about the hypervisor as neither the SDK or the service manual should have info on that. However the hardware specs and knowing what pin does what certainly makes the hackers job easier as their is no stumbling around in the dark anymore. Plus any other service back doors will be detailed in there.
So for the moment Sony has to rely on the hypervisor and suing people into oblivion.
So for the moment Sony has to rely on the hypervisor and suing people into oblivion.
Removed non-technical discussion. My fault for not nipping it in the bud with the first rant about piracy. Although the soap-opera of the hackers was nothing to do with me! 
As for the current state of PS3 hackedness, this latest episode has diverted us from the real meat. The USB Jig and its associaited application is new and we don't know how it works, and the service manuals have opened up a hardware vector. This latter one could maybe allow custom firmware chips to be added to prevent lockouts by Sony. Then again, for all we know GeoHotz had access to these docs when he made his hack which had to do with timings. That seems highly probable now, and would mean the scene hasn't changed, only we've become aware of what tools the scene has to work with.
Interesting observation is that's copyrighted 2007, so it's an old piece of code that Sony will already be aware of, I'm sure.
Taken from the GAF thread, it looks like SCE's internal toolset for disc imaging which probably means it signs code.
Yes, this is the dev tool for creating test discs and .PKGs packages that can be redistributed onto PS3s. And they only work with debug PS3s because the code is unsigned. It cannot create a full-fledged PS3 game disc. That is presumably handled in Sony's top-level manufacturing, and access to that will be extremely limited, unlike an SDK that's sent to every developer.
This makes me wonder about Sony's internal security. SDK 1.6 is out. Are any later ones out, or did Sony plug that leak? They must be aware of such leaks (they should have a mole in the hacker scene) and they must be aware of what problems come with that, so must at least want to address that somehow even if they haven't found a way to control leaks. Designing a security system, certainly for next gen given the lesson of this one, is going to have to factor in that NDAs and the threat of litigation aren't enough to protect a platform from internal breaches.
As for the current state of PS3 hackedness, this latest episode has diverted us from the real meat. The USB Jig and its associaited application is new and we don't know how it works, and the service manuals have opened up a hardware vector. This latter one could maybe allow custom firmware chips to be added to prevent lockouts by Sony. Then again, for all we know GeoHotz had access to these docs when he made his hack which had to do with timings. That seems highly probable now, and would mean the scene hasn't changed, only we've become aware of what tools the scene has to work with.
Indeed. I was able to find a story of the leaked 1.6 SDK dated June 7, 2007.
1.92 was leaked as well, and it's the version that was used to build the code on the ps3jailbreak. Nothing since 1.92 though, and as I recall, SDK numbering tends to sync with the firmware, so Sony might have plugged the leaks years ago.
Looking back, I'm almost certain it's the bolded scenario. He was glitching points all over his PS3; remember how his MAC address was all FF? He said it was the result of an earlier hack attempt. That he never had to replace his system suggests that he knew what he was glitching.
I`d go as far as saying that every console since the PS1 was hacked using internal docs (first time access to the system). Just doesnt seem possible otherwise, of course unless the docs get leaked you can never prove it.
The only exception mightve been the PS2 which had alot hardware documented within the Linux Kit, I dont know if the modchips came before or after.
Got to get to work so I have to post this in a hurry.. no translation:
http://www.gamefreax.de/psjailbreak-reverse-engineered.html
http://www.gamefreax.de/psjailbreak-reverse-engineered.html
Interesting and detailed analysis (in German): http://www.gamefreax.de/psjailbreak-reverse-engineered.html
It's starting to look like it's actually a buffer overflow into the PS3's USB driver (through the configuration descriptor), although apparently the device ID of the jig is involved. According to one translation I read of the German analysis, it's pretending to be a USB hub and connecting and disconnecting six devices in a matter of milliseconds, one of which has the device ID of the Sony jig.
Sounds like they're exploiting a race condition involved with booting into repair mode and verifying the jig; that kind of thing can be really hard to spot even if you've written the drivers. If that's how the crack actually works, then I'm impressed. This also suggests that Sony didn't leave the retail / debug mode wide open.
Don't know if it's okay to link the PS3 News forums, but I'm going off a translation from a poster there.
It's starting to look like it's actually a buffer overflow into the PS3's USB driver (through the configuration descriptor), although apparently the device ID of the jig is involved. According to one translation I read of the German analysis, it's pretending to be a USB hub and connecting and disconnecting six devices in a matter of milliseconds, one of which has the device ID of the Sony jig.
Sounds like they're exploiting a race condition involved with booting into repair mode and verifying the jig; that kind of thing can be really hard to spot even if you've written the drivers. If that's how the crack actually works, then I'm impressed. This also suggests that Sony didn't leave the retail / debug mode wide open.
Don't know if it's okay to link the PS3 News forums, but I'm going off a translation from a poster there.
That was fast
ORDERS that up to and including *31 August 2010, the First to Fourth Respondents and each of them, whether by themselves, their servants or agents, be restrained from doing any of the following acts with respect to all and any Universal Serial Bus devices described as "PSJailbreak" in Exhibit PJC-1 of the affidavit of Peter John Chalk sworn on 26 August 2010 and filed herein, as packaged and distributed or threatened to be distributed by those Respondents (PSJailbreak Devices):
https://www.comcourts.gov.au/file/Federal/P/VID727/2010/actions
ORDERS that up to and including *31 August 2010, the First to Fourth Respondents and each of them, whether by themselves, their servants or agents, be restrained from doing any of the following acts with respect to all and any Universal Serial Bus devices described as "PSJailbreak" in Exhibit PJC-1 of the affidavit of Peter John Chalk sworn on 26 August 2010 and filed herein, as packaged and distributed or threatened to be distributed by those Respondents (PSJailbreak Devices):
https://www.comcourts.gov.au/file/Federal/P/VID727/2010/actions
Last edited by a moderator:
That was fast
ORDERS that up to and including *31 August 2010, the First to Fourth Respondents and each of them, whether by themselves, their servants or agents, be restrained from doing any of the following acts with respect to all and any Universal Serial Bus devices described as "PSJailbreak" in Exhibit PJC-1 of the affidavit of Peter John Chalk sworn on 26 August 2010 and filed herein, as packaged and distributed or threatened to be distributed by those Respondents (PSJailbreak Devices):
https://www.comcourts.gov.au/file/Federal/P/VID727/2010/actions
you can order from china if its important to you. Also it seems a keyhack is set to be released soon
Here comes the clones
First clone
http://translate.google.com/transla...n-des-x3jailbreak-maj-prix.html&sl=auto&tl=en
Price is already down to €49 which is $63 usd. Far cry from the $150 of the original. Next clone will have it down to $30 bucks usd I'd say
First clone
http://translate.google.com/transla...n-des-x3jailbreak-maj-prix.html&sl=auto&tl=en
Price is already down to €49 which is $63 usd. Far cry from the $150 of the original. Next clone will have it down to $30 bucks usd I'd say
Doesn't matter to Sony really whether they rule it illegal or not as long as they can keep it out of most peoples hands till it is patched. Because let's be honest here most of these things travel by word of mouth. The less people that know about it before the upgrade the fixes it the better for Sony. Plus the injunction gives Sony the right to confiscate them which gives Sony a way to get it's hands on a few for analysis.
Similar threads
- Locked